AlphaBay is counted among the largest trading marketplace on theDark Weband this is something that makes the platform inquisitive about prevailing security flaws and vulnerabilities. Recently a hacker identified the existence of two high-risk bugs and revealed this information on Reddit’s forum posts. The hacker, who uses the alias Cipher0007, managed to steal 200,000 private messages. These messages were exchanged between users/buyers and sellers.

ZDNetreportsthat Cipher0007 disclosed the vulnerabilities earlier this week and revealed onRedditthat these flaws could be used to steal private messages on AlphaBay. He compromised the website and took the first and last names of both the buyers and sellers on AlphaBay along with their nicknames, addresses and tracking IDs of the orders. The messages weren’t protected by PGP keys, which made it easier for Cipher0007 to steal them in such large proportion.

Must Read:

AlphaBay posted an officialstatement on Pastebinin which they admitted the presence of these bugs and also confirmed that Cipher0007 has hacked around 218,000 messages. It must be noted that the hacked messages weren’t older than 30 days since the site’s system automatically purges messages that are more than 30 days old.

To prove that he has managed to infiltrate AlphaBay and stole private messages, Cipher0007 posted numerous screenshots too.

Screenshot source: Reddit

Cipher0007 also opened support tickets on the website to warn other trading posts on the Dark Web about potentially dangerous security flaws and bugs that can expose private identities of users. AlphaBay rewarded Cipher0007 for not selling the flaws or exposing the stolen data to the public. Cipher0007 then disclosed the methods he used to exploit AlphaBay to the company and finally the developers at the trading platform managed to fix the flaws.

This is not the first time when a Dark Web domain has been hacked. In 2015, Anonymous hackers defaced the official website of so-called Islamic State (Daesh, IS, previously ISIS/ISIL) terrorist group on Tor .

Waqas Amir is a UK-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in Milan, Italy.